package com.realm;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyRealmMD5 extends AuthorizingRealm {

    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    // 认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //拿到用户输入的账号密码
        String userName = (String) token.getPrincipal();

        String password = new String((char[]) token.getCredentials());

        //通过userName到数据库中查询密码
        String password_db = getPasswordByUserName(userName);
        //开发人员做比对:我们自己调用加密算法
        if(!new Md5Hash(password).toString().equals(password_db)){
            throw new RuntimeException("账号、密码不正确.");
        }

        return new SimpleAuthenticationInfo(userName,password,getName());
    }

    public String getPasswordByUserName(String userName){
        return "e10adc3949ba59abbe56e057f20f883e";
    }

}
